GooRoo
Administrator
Owner Administrator
I luv Gruntz!
Posts: 7,425
Display Name: GooRoo
|
Post by GooRoo on Feb 18, 2020 13:22:12 GMT -8
As many of you are aware, there has been a push to move all websites to HTTPS to increase security for all websites online. We have been preparing for this transition for over a year now, and are ready to move forward. There are a couple things you should be made aware of, so please read on. Redirecting to HTTPS
When this change goes live, we will automatically redirect forums from http to https. For example, this support forum will change from http://support.proboards.com to https://support.proboards.com. Mixing HTTPS & HTTP Content
In order for your web browser to identify a website as "secure" at the top, everything that loads from that website must be loaded securely over https. When visiting a secure webpage, if that webpage loads an image or other content from a webpage that is http (not https), this is not considered secure. Therefore, browsers may display a warning message such as this one from Chrome: Across ProBoards, users have posted literally millions of pictures, many of which load from insecure websites. These pictures might be in posts, avatars, or even forum logos. When you load your forum, we want the browser to say that it is fully secure. How can we do that when users have included images from insecure websites in their posts? Forcing all Content to HTTPS
Thankfully, there is a simple solution which modern browsers support. Websites have a special way to tell browsers that all content should load over https, even if the webpage has images or other content that are http. This results in a secure connection for all content. But, there is a catch.
When you load a secure webpage, and the browser is told to load all content securely, what happens to hotlinked content on websites that don't allow https? The content will fail to load. This browser feature exists to ensure webpage content stays 100% secure. Example scenario: What about content hosted by ProBoards (uploaded avatars, theme CSS, plugin JavaScript, etc)?Content that loads from ProBoards servers will work without issue. Is there a test forum that is live where I can see HTTPS in action on ProBoards?Yes, in fact this Support Forum is set to SSL mode right now. All pages load over HTTPS! If you experience any problems with this forum, please let us know. How can I test if there will be any problems on my forum?Most forums should not experience any issues. For the average forum, we recommend checking: - If you have a forum logo, verify that the URL works over https
- If your profile avatar is hotlinked from a third party website, check to make sure the link works over https
To check if a URL works over https, change "http://" to "https://" and load the URL in your browser. If it loads, then there is no problem. If it does not load, then you will want to upload that content to a different website that does support https, and update the URL on your forum. What about Custom Domains?We will be supporting HTTPS for all custom domains. However, to do so requires that we obtain a security certificate for every custom domain, which means we incur additional costs. Due to this, the price for custom domains is changing to $19.99/year. I want to note that we do not make a profit on our custom domain service. In fact, we lose money by offering this service, even at this increased rate. If you already paid for your custom domain at the old rate, you will still get SSL on your domain with no additional charge. The new rate will only apply once you go to renew your domain with us in the future. When is this change going into effect?We do not have an exact date, but we anticipate that we will go live in the next week or two. Custom domains may go live on a different date than non-custom domain forums. Stay tuned for future announcements. Does this affect links to other websites?No, this only affects content that loads inside the forum itself, such as images, JavaScript, and CSS. Links that you can click to to other websites are not affected by this change. tl;)rHTTPS is coming to all ProBoards forums. You probably won't have any issues with this change. If you load content (such as images) from third party websites on your forum, you may want to check to make sure they work over HTTPS using the above instructions.
|
|
GooRoo
Administrator
Owner Administrator
I luv Gruntz!
Posts: 7,425
Display Name: GooRoo
|
Post by GooRoo on Feb 18, 2020 14:03:33 GMT -8
By removing the 's' from 'https', our images may be restored. The cost for being https (acquiring a certificate) is prohibitive, around 368GB (I am told) which I take as 368 Great Britain pounds.
|
|
Zu
Retired Staff
Posts: 752
|
Post by Zu on Feb 18, 2020 15:52:19 GMT -8
It would appear that at this moment, the exact price for adding the SSL certificate is 64 US dollars, with the certificate lasting a full year. godaddy.com/web-security/ssl-certificateDo you have enough funds from us to cover this? Do we have to add any more to cover the cost?
|
|
BattlezM
Moderator
Is my hat too big?
Posts: 1,308
|
Post by BattlezM on Feb 18, 2020 18:02:26 GMT -8
The problem is that the images on the forum are being hosted under gooroosgruntz.info, not gooroosgruntz.proboards.com . The latter is already under SSL coverage, per proboard's updates. If we just move all the images to be under this domain, the problem should be resolved. If this isn't possible, or doesn't work, I would highly recommend we use a cdn such cloudfront (https://aws.amazon.com/cloudfront/pricing/) to host our images. There is a very good chance it will be cheaper than having to buy a new SSL certificate just to secure image hosting.
|
|
GooRoo
Administrator
Owner Administrator
I luv Gruntz!
Posts: 7,425
Display Name: GooRoo
|
Post by GooRoo on Feb 18, 2020 18:23:02 GMT -8
It would appear that at this moment, the exact price for adding the SSL certificate is 64 US dollars, with the certificate lasting a full year. godaddy.com/web-security/ssl-certificateDo you have enough funds from us to cover this? Do we have to add any more to cover the cost? I am reluctant to even consider $64 a year for a certificate. A one-time fee, yes, but a recurring one at the current level of activity? My simple solution of removing the 's' works. It is definitely an inconvenience, but does not affect anyone's pocketbook. This is just another form of business (whether BIG or little) doing its best to extract funds from the users. Do you remember Bill Gates' statement that with his software "you only need 640KB (kilobytes) to use his computer"? (Might be paraphrased a bit.) These things start small ... but grow.
|
|
|
BattlezM
Moderator
Is my hat too big?
Posts: 1,308
|
Post by BattlezM on Feb 18, 2020 18:50:41 GMT -8
Before looking into cdns too much, is there a reason we're just not using gooroosgruntz.proboards.com for some of the more basic common images the forum has? gooroosgruntz.proboards.com is already under the SSL, so moving images over to here is potentially a guaranteed, free solution.
|
|
GooRoo
Administrator
Owner Administrator
I luv Gruntz!
Posts: 7,425
Display Name: GooRoo
|
Post by GooRoo on Feb 18, 2020 19:37:52 GMT -8
Before looking into cdns too much, is there a reason we're just not using gooroosgruntz.proboards.com for some of the more basic common images the forum has? gooroosgruntz.proboards.com is already under the SSL, so moving images over to here is potentially a guaranteed, free solution. This forum uses well into the thousands of images, counting everything that passes to it from GoDaddy. Somehow, I believe we would be far in excess of the ProBoards limit.
So far, it appears that Cloudfare is the economical solution, but will probably not be the least time-intensive one. I would not want the web site pages to be handled via Cloudfare, for instance, just the images used by this forum. If that meant redoing URLs, that is NOT an option at all.
Next step: contact GoDaddy to see what they can do to provide the SSL certificate ... without the annual fee.
|
|
GooRoo
Administrator
Owner Administrator
I luv Gruntz!
Posts: 7,425
Display Name: GooRoo
|
Post by GooRoo on Feb 18, 2020 19:40:47 GMT -8
P.S. All of those links that are external to GoDaddy, such as the YouTube videos, the various Statz Page images, etc. Gruntzerz submit via 'free' web sites will have to be copied into the common hosting media in order to be covered under that SSL.
|
|
GooRoo
Administrator
Owner Administrator
I luv Gruntz!
Posts: 7,425
Display Name: GooRoo
|
Post by GooRoo on Feb 18, 2020 22:31:38 GMT -8
I went to check on how "GooRoo's Gruntz - The Journey Home" was doing, and it is doing fine. Then I clicked on the link back to THIS forum. And most of the buttons and images here are displaying properly. (My avatar and signature line are NOT.) I suppose if I went to any Announcement thread, the images would all be the little box with what looks like a torn sheet of paper inside it. Strange! No background when I left this thread, and the background came back when I returned here. Perhaps the proboards (or SSL) software gradually 'learns' when an image is safe?
|
|
|
Post by swietymiki on Feb 19, 2020 7:47:24 GMT -8
My simple solution of removing the 's' works. That sounded like a relatively simple thing to automate... So I created a browser extension, which automatically redirects the user to the HTTP version of the forum: Attachment DeletedWorks on Google Chrome, new Microsoft Edge and likely other Chromium-based browsers. Of course you can't call it a solution to this entire problem... Requiring every visitor to install a dedicated extension to see images on the forum would be outrageous. But it lets our dedicated members view the site "normally" for the time being. Install instructions: First unzip the file. Next open up chrome://extensions/ (or edge://extensions/) and turn on "Developer mode". Now click "Load unpacked extension..." and select the extension’s directory. The loaded extension will show up on the extensions list and on the right side of the URL bar. The extension will remain inactive outside of this forum (its icon will be grayed out).
|
|
BattlezM
Moderator
Is my hat too big?
Posts: 1,308
|
Post by BattlezM on Feb 19, 2020 8:10:02 GMT -8
I went to check on how "GooRoo's Gruntz - The Journey Home" was doing, and it is doing fine. Then I clicked on the link back to THIS forum. And most of the buttons and images here are displaying properly. (My avatar and signature line are NOT.) I suppose if I went to any Announcement thread, the images would all be the little box with what looks like a torn sheet of paper inside it. Strange! No background when I left this thread, and the background came back when I returned here. Perhaps the proboards (or SSL) software gradually 'learns' when an image is safe? "GooRoo's Gruntz - The Journey Home" is under the gooroosgruntz.info/ domain, which I believe is the one you own through godaddy correct?
This domain is separate to the domain the main Gruntz forum we're on here, is hosted under. Here we are hosted under gooroosgruntz.proboards.com/. Plainly and simply, stuff coming over from gooroosgruntz.info is considered third party. There is no 'learning' of a safe image. You are either loading content from a trusted https source, or you are not.
If you want to host images on the forum here from gooroosgruntz.info/, you would have to get a SSL certificate for that site. It should be much cheaper than 64$ to get a SSL certificate, but you would have to do looking further than proboards/godaddy, since their cited price of 64$ a year for one, is frankly a bit ludicrous.
The other solution I recommended to look into, the cdn service, would allow you to upload the images to a trusted https source, such as cloudflare, to be able to pull images from there rather than using storage on gooroosgruntz.proboards.com/
The quick solution for now would be just to upload some of the most basic images (such as the navigation buttons in the header, or icons for forum subsections) to the gooroosgruntz.proboards.com/. I would be surprised if this went over our storage limit here.
For other images such as statz pages, map overviews, and other large graphics images, the cdn service would be the most economical solution.
|
|
GooRoo
Administrator
Owner Administrator
I luv Gruntz!
Posts: 7,425
Display Name: GooRoo
|
Post by GooRoo on Feb 19, 2020 9:44:09 GMT -8
At least, now, I can see the TEXT identifiers of the main menu! "Click, click, click! What do you think I am, a chipmunk?"
I installed the Cloudflare script, and the only result was the reappearance of (part of) the navigation tools.
|
|
GooRoo
Administrator
Owner Administrator
I luv Gruntz!
Posts: 7,425
Display Name: GooRoo
|
Post by GooRoo on Feb 19, 2020 16:59:49 GMT -8
Well, now I find that computers going belly-up have entered into the recovery process. There are files on the web host that are NOT on my computer ... which I am using to provide some of the missing images. And my time has run out for the next 36 hours.
|
|
GooRoo
Administrator
Owner Administrator
I luv Gruntz!
Posts: 7,425
Display Name: GooRoo
|
Post by GooRoo on Feb 19, 2020 21:52:29 GMT -8
Bummer! I just completed uploading all 8 graphic area Rock images to ProBoards storage, and filled out the images in the main menu right side header. (Looks good!) But none of the Announcements were 'magically' presented (full size or not). So in order to fix just Rock images, about a thousand occurrences would have to be updated.
So restoring the tens of thousands of images from GoDaddy would take me years to complete ... about as many years as this forum has been in existence ... even if I took the time to upload every one of them to ProBoards storage.
BTW, that storage has a limit of 50MB (rather generous, at that) and I have used up about 1MB with the images I have uploaded so far.
So I really need to follow the SSL route. No response from GoDaddy about that solution, yet.
|
|
GooRoo
Administrator
Owner Administrator
I luv Gruntz!
Posts: 7,425
Display Name: GooRoo
|
Post by GooRoo on Feb 19, 2020 22:07:32 GMT -8
BattlezM, you see the progress I have made following your suggestion to upload the 'critical' images to ProBoards storage. There is a long way to go taking the manual route.
I can use NotePad++ to make certain global changes, by opening multiple files at once, and doing a "Replace All in all opened documents", with the ProBoards URL replacing all of the respective GoDaddy URLs. That would be do-able for about 20 documents at a time. What are there? Maybe a thousand or two posts containing GoDaddy hosted images? Not a practical solution.
As my time permits, I will pursue a solution from GoDaddy (whose staff has not been very responsive, so far) regarding an SSL certificate.
|
|
|
Post by swietymiki on Feb 20, 2020 8:12:23 GMT -8
My simple solution of removing the 's' works. Speaking of this again, it seems not to be working anymore (and my extension with it, heh). I'm being auto redirected to the HTTPS version of the site regardless of what I do. I replaced links to images on the home page, so that they'll continue to work even when Gruntz - The Journey Home goes down. I don't imagine myself doing the same for all existing Custom Level threads though . By the way I changed the design on the "New Posts" and "Forum Information & Statistics" icons, as an experiment.
|
|
GooRoo
Administrator
Owner Administrator
I luv Gruntz!
Posts: 7,425
Display Name: GooRoo
|
Post by GooRoo on Feb 20, 2020 11:34:34 GMT -8
Why did the animated 'New' and 'Old' images need to be replaced? Now there is a blank space where 'New' used to be associated with 'Participated'. (And the colors are far too similar.)
A positive note is that both "To the bottom" and "To the top" animations appear as they should. Where was the change made to do that? (Answer in PM.)
And the animated Wand (my 'star' replacement) is back to the 'plain Jane' version. Hmmmm.
|
|
|
Post by swietymiki on Feb 20, 2020 15:10:52 GMT -8
The blank space was there since the HTTPS change happened. I only now fixed its link in the CSS Style Sheet which was still pointing to gooroosgruntz.info. The rest is in the PM.
|
|
GooRoo
Administrator
Owner Administrator
I luv Gruntz!
Posts: 7,425
Display Name: GooRoo
|
Post by GooRoo on Feb 21, 2020 8:59:11 GMT -8
Nice touch, Swietymiki, with the New/Old indicators for the main menu! The only way I could imagine a better Gruntzy theme would be for the 'Old' Coin to be a Dali meltover type.
|
|